Made to Order Software Corporation Logo


Security Issue in many mail systems

It always amazes me when one finds a security issue that looks like something that should never have happened in the first place.

This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.

He fixed the Postfix server quickly, however, he went further. He actually tested many other servers sending commands that bypass that very security measure and to his surprised he found out that Postfix wasn't the only system affected by the problem.

For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.

A ...

Insert Node Parameter: target (6-1.4) [no content]

Add a window target in a link. For example

   [node:123 target=_blank; link]

This option only applies to links and defines the target attribute of those links, as created with:

Insert Node Parameter: title (6-1.1),

Insert Node Parameter: link (5-1.0), or

Insert Node Parameter: more (6-1.1).

Using the target option by itself resets the Insert Node module to the default behavior (i.e. no target attribute):

   [node:123 target=_blank; link target more]

The title link will have target="_blank" and the more link will not.

Note that this data is

Drupal Aggregator

The default Aggregator Drupal module does not work very well. There are several problems with the Drupal Core module, one of which we have not fixed in our version (i.e. the flatness of the item table.)

There is a list of the known issues and our comments and whether we fixed the problem:

Problem Solution in m2osw's version of Aggregator
Missing XML marker The <?xml ... ?> marker is missing from some RSS feeds, add it as required
Spurious data Some RSS feeds add spurious data ...

Insert Node Parameter: override (6-1.3) [special]


This parameter is considered a security hazard. There is an option in your format definition that you have to turn on in order for the feature to work. When not selected, override is ignored. Only allow this feature in an input filter where you can trust users 100%.

One can use the override parameter to replace the expected data with their own data. Although one would think using the data directly would work as well, there are cases when this is useful.

By default the InsertNode module gets data from the $node object as defined by the system. At times, the data available in the

Thank you for subscribing to Fax Now Online

Thank you for subscribing to Fax Now Online.

Please, check out your account (under My Account, click on My Account Options and then on the tab named MO Fax,) and feel free to change the default fax settings.

To send a fax, click on My Account and then Send a Fax Now. This opens a form where you can enter the fax data and then send it to our fax servers. The form is pretty well documented. For additional help, check out the Fax Now Online Browser page.

Whenever you come back, you will have to log in your account first. To do so, click on My Account and you will see a Log In menu entry. ...

jsMath Security Issue

Security Issue

A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.

You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)

The Drupal Security Advisory issue is here:

Other Problem

There is another problem: jsMath offers a JavaScript function that parses entire web pages (although there are ways to circumvent that problem, the module does not currently make use of those.) The jsMath Drupal module uses the ...

SimpleMenu Custom Theme


The newer versions of SimpleMenu allows for an easy way of adding custom themes.

There are two main ways to add new SimpleMenu themes:

1. In the simplemenu themes folder;

2. In your theme folder.

SimpleMenu themes folder


If you look under the simplemenu folder, you will see a sub-folder named themes. You can place your own specialized themes in that folder to make them available system-wide (i.e. if you are using many themes or use one Drupal installation for many websites.) In other words, this folder is viewed as a global theme folder.

The themes folder ...

To Do List Global Settings

Global Settings

Global settings are found under Administer » Site configuration » To do list (admin/settings/to_do).

Only To Do List administrators can edit the Global Settings.

Extend To Do List with other modules


The To Do List module can be extend with the use of other modules. This page describes such extensions and what you can do with them.


You may want to allow more people to work on your To Do List with better granularity in regard to who can edit which issue (instead of all of them) and who can view issues.

There are two modules you can use for this pupose. One lets you choose based on a set of taxonomy terms and the other lets you choose based on available roles.

In order to use a taxonomy with a set of terms, use tac_lite1

  • 1. tac_lite stands for Taxonomy ...

Insert Node Parameter: cckteaser (6-1.3)

The CCK parameter let you insert one of your CCK field in full. This parameter, cckteaser, let you insert the teaser of your CCK field.

This feature uses the teaser flag of the CCK module in order to insert the teaser data. This means only the field_<name> fields make the distinction between cck=... and cckteaser=..., the other fields simply ignores the difference.

For more information on the CCK field names that are supported, check the Insert Node Parameter: cck (6-1.2) page.



Note that the parameter value ends with a semi-colon! Do not include quotes